Hi Jeff,
It is a bug, I have logged an issue here:
https://jersey.dev.java.net/issues/show_bug.cgi?id=549
and i have a fix for it in my local workspace i should be able to
commit today.
Paul.
On Jun 18, 2010, at 8:35 AM, Jeff Crump wrote:
> Hi,
>
> My application has a filter in which I check some security
> constraints against the credentials associated with the requesting
> user. This works properly for GET methods that I've implemented in
> my resources and sub-resources.
>
> I've haing a problem, though, with the HEAD support provided by
> Jersey. Since I don't explicitly declare a @HEAD method in my
> resources, it's ending up at ResourceHeaderWrapperMethod. The
> upshot is that my security filter is not being called -- while a GET
> is rejected (I return a 403), a HEAD of the same resource is
> permitted. I expected HEAD to work by invoking GET and then
> discarding the body, but obviously things don't work this way.
>
> The simple answer would be to add new @HEAD methods to all my
> resources (and subresources) but I really don't want to do this.
> Is there a way to use a filter or some other mechanism to handle
> this in a central place?
>
> Thanks,
>
> Jeff
>